Univention Bugzilla – Bug 26684
package/deliver univention-support-info
Last modified: 2022-11-15 18:03:23 CET
Angesprochen im Rahmen von 2012020721003071 Der Download von univention-support-info in Umgebungen mit vielen Servern/ohne Internetzugang ist mühsam. Der Kunde würde eine paketierte Version bevorzugen, die automatisch installiert wird.
(In reply to comment #0) > Der Download von univention-support-info in Umgebungen mit vielen Servern/ohne > Internetzugang ist mühsam. Der Kunde würde eine paketierte Version bevorzugen, > die automatisch installiert wird. Wir hatten uns dagegen entschieden weil wir das Script dann nicht so einfach aktualisieren können und somit potentiell von unterschiedlichen Kunden unterschiedliche Archive erhalten. Mit 3.0 könnten wir das vermutlich auch über errata Updates aktuell halten, das Problem der unterschiedlichen Archiv-Versionen besteht dann aber weiterhin (nicht installierte errata Updates etc.).
Dann vielleicht besser in einem Scope bauen und veröffentlichen, dann kann es unabhängig von UCS gepflegt werden. Wir müssten das Tool sonst für alle UCS Versionen parallel aktuell halten.
Wir sollten eine Version für aktuelle UCS-Systeme ausliefern dir sich selbst aktualisieren kann. Zusätzlich können wir das Paket per Errata aktuell halten um auch Systeme ohne Internetzugang zu aktualisieren (evtl. kann das Script auch in den neuen rsync Repository-Mechanismus integriert werden?) Das Script sollte allerdings bei jeder Ausführung ohne Internetzugang eine Warnung ausspucken (evtl. nur wenn es älter ist als 30-60 Tage) dass es sich nicht aktualisieren konnte und daher evtl. nicht alle von uns (Support) erwarteten Informationen enthält.
We now have a package univention-support-info. The script as been adjusted to activate the component repository/online/component/support and perform an access check to apt.software-univention.de. Then it simply runs univention-install on itself. If any of this returns an error, it checks the age of the file and issues an interactive warning if it's older than 30 days. The script finally re-execs itself in case a new package version was installed. * This still requires some test setup, currently the corresponding component is not yet available: WARNING: repository/online/component/support not reachable on repository/online/server ( testing.univention.de ) * Tests with missing connection to an online repository are required as well.
(In reply to Arvid Requate from comment #4) > perform an access check to apt.software-univention.de. We should use the official repository server: updates.software-univention.de
Documentation may be placed in the official manual and should contain all informations from http://sdb.univention.de/1174 (upload, enctypt etc.)
Requested during technical training.
Latest version is in trunk/internal/univention-support-info/ We have packaged several older versions in branches/, which try(?) to download the latest version (or should do so). We should change those packages versions to automatically fetch the latest version from trunk/ so we only have to maintain one location.
Requested again via 2016062421000429
Well, it would be awesome to have the univention-support-info script within a shipped package! Everytime I have to use it I have to search the web for the right wget command...
Well, this ticket is nearly 5 years old! Maybe it is a good point to start a new investigation. As I've discussed with several guys from the Univention staff at the Univention Summit last week a package with a script included what downloads the "real" USI-script from the Internet, executes it and send the report back to univention would be a good solution. With that behavior it is confirmed that always the latest version of the USI-script will be used.
(In reply to Stephan Hendl from comment #11) > Well, this ticket is nearly 5 years old! > > Maybe it is a good point to start a new investigation. As I've discussed > with several guys from the Univention staff at the Univention Summit last > week a package with a script included what downloads the "real" USI-script > from the Internet, executes it and send the report back to univention would > be a good solution. With that behavior it is confirmed that always the > latest version of the USI-script will be used. This is targeted in Bug #29191, a prototype is already attached.
(In reply to Florian Best from comment #12) > This is targeted in Bug #29191, a prototype is already attached. An UMC module is nice but would I prefer a commandline tool.
(In reply to Stephan Hendl from comment #13) > (In reply to Florian Best from comment #12) > > > This is targeted in Bug #29191, a prototype is already attached. > > An UMC module is nice but would I prefer a commandline tool. Yes, the package ships also an CLI tool.
Well, as discussed with Stefan and CHristina at Univention Summit 2018 some additional cli switches would be nice: --upload-to-univention -> copies the file to upload.univention.de --add-to-ticket <Ticket-Id> -> adds the file to the ticket number instead creating a new one --copy-to-folder <folder> --copy-to-share <share name \\server\share> -> copies the file to a given share --user --password (optional)
Created attachment 9379 [details] univention-support-info (In reply to Stephan Hendl from comment #15) > Well, as discussed with Stefan and CHristina at Univention Summit 2018 some > additional cli switches would be nice: > > --upload-to-univention -> copies the file to upload.univention.de > --add-to-ticket <Ticket-Id> -> adds the file to the ticket number instead > creating a new one > --copy-to-folder <folder> > --copy-to-share <share name \\server\share> -> copies the file to a given > share > --user > --password (optional) I created such a script, which is attached here, (and maybe further developed in https://github.com/spaceone/univention-corporate-server/blob/fbest/univention-system-information/management/univention-support-info/univention-support-info). The script has the following usage: usage: univention-support-info [-h] [--upload-to-univention] [--sender SENDER] [--recipient RECIPIENT] [--add-to-ticket ticket] [--copy-to-folder folder] [--encrypt] optional arguments: -h, --help show this help message and exit --upload-to-univention Uploads and sends the file via mail to Univention. --sender SENDER The mail address of the sender. If not given, no archive will be send to Univention. --recipient RECIPIENT Recipient of the mail (by default feedback@univention.de). --add-to-ticket ticket Adds the file to the ticket number instead of creating a new one. --copy-to-folder folder Copies a backup of the generated archives into the specified folder. --encrypt Encrypt the archive and send only the encrypted version to Univention The scripts needs to run as root! I did not implement the "--copy-to-share" option and --username/--password is not necessary. The script might not work anymore if e.g. the upstream USI script has major changes or the response of the file upload service changes. The script caches a downloaded USI script and uses this if there is no newer variant. The underlying library "python-request" probably verifies the HTTPS connections. I think it would be a nice improvement to add a integrity check for the downloaded file as well, so that MITM attacks are absolutely prevented.
I've change the receiver e-mail address to 'support@univention.de' and tested the script with current UCS 4.3 flawlessly. However there are still some aspects to be integrated like - splitting huge usi archive - changing defaults over time (ask for T#, save 'sender' to ucr,...) So far the script is ready to be packetized and be shipped.
There is a waiting git pull request at https://github.com/nstoeckigt/univention-corporate-server/pull/1
It seems my script is already part of git@git.knut.univention.de:univention/internal/univention-support-info.git. We need to copy it to the UCS package. Do we need to make a checksum test of the downloaded version?
We should consider a versioning scheme: Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a Python 2.7 hashbang the other with Python 3.
(In reply to Florian Best from comment #21) > We should consider a versioning scheme: > > Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a > Python 2.7 hashbang the other with Python 3. UCS-4.4 will we out-of-maintenance soon ~ 1y After that we only need the UCS-5 version for Python3.
(In reply to Philipp Hahn from comment #22) > (In reply to Florian Best from comment #21) > > We should consider a versioning scheme: > > > > Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a > > Python 2.7 hashbang the other with Python 3. > > UCS-4.4 will we out-of-maintenance soon ~ 1y > After that we only need the UCS-5 version for Python3. Yes, but we will still need this in support for older versions. To switch back to the ftp version, for older versions, is not a good option. I think we cannot handle this, like the "normal" maintenance cycle.
An alternative to shipping this would be to make this installable via `pip install univention-support-info`. But hm, this requires a internet connection which might be broken.
(In reply to Philipp Hahn from comment #22) > (In reply to Florian Best from comment #21) > > We should consider a versioning scheme: > > > > Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a > > Python 2.7 hashbang the other with Python 3. > > UCS-4.4 will we out-of-maintenance soon ~ 1y > After that we only need the UCS-5 version for Python3. Oh, and the script only uses univention.config_registry as UCS dependencies. In UCS 4.4 Python3.5 is installed. I think we can create a version which works with that.
I merged your MRs now: univention-support-info (6.0.0-4) 281224492f21 | feat: added utility classes for downloading files and GPG handling 8ff544ffae2b | feat: Debian package info taken from UCS univention-support-info.yaml 580933bfb0fc | Bug #26684: Merge branch 'nradovanovic/26684-package-univention-support-info' into 5.0-2 14f5bad3a8d5 | Bug #26684: move repository to https://git.knut.univention.de/univention/components/univention-support-info univention-support-info (6.0.0-4) 1bc3957d5802 | Bug #26684: remove univention-support-info And built via: repo_admin.py -G git@git.knut.univention.de:univention/components/univention-support-info.git -b master -P . -p univention-support-info -r 5.0 -s errata5.0-2 && b50-scope errata5.0-2 univention-support-info
OK: a new script "univention-report-support-info" downloads and replaces the shipped USI script if the provided signature validates against /etc/apt/trusted.gpg.d/univention-archive-key-ucs-*.gpg OK: email can be sent to univention with supplying a ticket number (if local email relay host settings are done) OK: USI can be encrypted and other optional arguments of USI can be supplied OK: YAML OK: univention-support-info has been moved into git@git.knut.univention.de:univention/components/univention-support-info.git # univention-report-support-info -h usage: univention-report-support-info [-h] [--upload-to-univention] [--sender SENDER] [--recipient RECIPIENT] [--add-to-ticket TICKET] [--output DIRECTORY] [--encrypt] [--full-logs] [--flat] [--quiet] [--debug] Wrapper for USI script. Downloads the latest USI version, executes it, uploads resulting archive to Univention and attach it to a support ticket. optional arguments: -h, --help show this help message and exit --upload-to-univention Uploads the resulting USI archive to the Univention upload service. --sender SENDER The mail address of the sender. If given, the upload ID is send to the Univention Support. --recipient RECIPIENT Recipient of the mail (default: support@univention.de). --add-to-ticket TICKET Adds the file to the ticket number instead of creating a new one. --output DIRECTORY Keep the resulting USI archive in the specified directory. univention-support-info arguments: --encrypt Encrypt the archive and send only the encrypted version to Univention --full-logs collect also rotated logfiles --flat flatten the directory structure --quiet Almost no output --debug enable debug
<https://errata.software-univention.de/#/?erratum=5.0x481>